[PATCH RFC 05/12] integrity: Introduce mok keyring

Eric Snowberg eric.snowberg at oracle.com
Wed Jul 7 22:32:17 UTC 2021


> On Jul 7, 2021, at 3:26 PM, Jarkko Sakkinen <jarkko at kernel.org> wrote:
> 
> On Wed, Jul 07, 2021 at 12:31:23PM -0700, Linus Torvalds wrote:
>> On Tue, Jul 6, 2021 at 7:45 PM Eric Snowberg <eric.snowberg at oracle.com> wrote:
>>> 
>>> Introduce a new keyring called mok.  This keyring will be used during
>>> boot. Afterwards it will be destroyed.
>> 
>> Already discussed elsewhere, but yeah, when using TLA's, unless they
>> are universally understood (like "CPU" or "TLB" or whatever), please
>> spell them out somewhere for people who don't have the background.
>> 
>> I saw that you said elsewhere that MOK is "Machine Owner Key", but
>> please let's just have that in the sources and commit messages at
>> least for the original new code cases.
>> 
>> Maybe it becomes obvious over time as there is more history to the
>> code, but when you literally introduce a new concept, please spell it
>> out.
>> 
>>           Linus
>> 
> I'd suggest for the short summary:
> 
> "integrity: Introduce a Linux keyring for the Machine Owner Key (MOK)"
> 
> Given that "keyring" is such a saturated and ambiguous word, and this not a
> subsystem patch for keyring itself, it should be explicit what is meant by
> a keyring.

If we can go in this direction, I will update the heading as Jarkko has 
suggested in a follow on series.  I will also include a better summary in 
this patch, along with a MOK explanation at the beginning. Thanks.



More information about the Linux-security-module-archive mailing list